From: Miod Vallat <miod.vallat@open-xchange.com>
Date: Fri, 7 Feb 2025 14:23:59 +0000 (+0100)
Subject: Do not allow dangerous operations on secondary zones unless --force.
X-Git-Tag: dnsdist-2.0.0-alpha1~45^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47303dbbe62907648539089a27204959c25bce29;p=thirdparty%2Fpdns.git

Do not allow dangerous operations on secondary zones unless --force.

This applies to: add-record, delete-rrset, edit-zone, increase-serial
and replace-rrset.

Fixes #11392, #15130
---

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index d3b1700bcd..487233f1d4 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -61,6 +61,7 @@ string g_programname="pdns";
 
 namespace {
   bool g_verbose;
+  bool g_force;
 }
 
 ArgvMap &arg()
@@ -945,6 +946,19 @@ static int increaseSerial(const DNSName& zone, DNSSECKeeper &dk)
     return -1;
   }
 
+  DomainInfo info;
+  if (!B.getDomainInfo(zone, info, false)) {
+    cout << "[Warning] Unable to get zone information for zone '" << zone << "'" << endl;
+    if (!g_force) {
+      throw PDNSException("Operation is not allowed unless --force");
+    }
+  }
+  else {
+    if (info.isSecondaryType() && !g_force) {
+      throw PDNSException("Operation on a secondary zone is not allowed unless --force");
+    }
+  }
+
   string soaEditKind;
   dk.getSoaEdit(zone, soaEditKind);
 
@@ -1204,6 +1218,28 @@ static int editZone(const DNSName &zone, const PDNSColors& col) {
     return EXIT_FAILURE;
   }
 
+  if (isatty(STDIN_FILENO) == 0) {
+    cerr << "edit-zone requires a terminal" << endl;
+    return EXIT_FAILURE;
+  }
+
+  if (di.isSecondaryType() && !g_force) {
+    cout << "Zone '" << zone << "' is a secondary zone." << endl;
+    while (true) {
+      cout << "Edit the zone anyway? (N/y) " << std::flush;
+      int resp = read1char();
+      if (resp != '\n') {
+        cout << endl;
+      }
+      if (resp == 'y' || resp == 'Y') {
+        break;
+      }
+      if (resp == 'n' || resp == 'N' || resp == '\n') {
+        return EXIT_FAILURE;
+      }
+    }
+  }
+
   /* ensure that the temporary file will only
      be accessible by the current user, not even
      by other users in the same group, and certainly
@@ -1596,6 +1632,9 @@ static int addOrReplaceRecord(bool addOrReplace, const vector<string>& cmds) {
     cerr << "Zone '" << zone << "' does not exist" << endl;
     return EXIT_FAILURE;
   }
+  if (di.isSecondaryType() && !g_force) {
+    throw PDNSException("Operation on a secondary zone is not allowed unless --force");
+  }
   rr.auth = true;
   rr.domain_id = di.id;
   rr.qname = name;
@@ -1718,6 +1757,9 @@ static int deleteRRSet(const std::string& zone_, const std::string& name_, const
     cerr << "Zone '" << zone << "' does not exist" << endl;
     return EXIT_FAILURE;
   }
+  if (di.isSecondaryType() && !g_force) {
+    throw PDNSException("Operation on a secondary zone is not allowed unless --force");
+  }
 
   DNSName name;
   if(name_=="@")
@@ -4582,6 +4624,7 @@ try
   }
 
   g_verbose = g_vm.count("verbose") != 0;
+  g_force = g_vm.count("force") != 0;
 
   if (g_vm.count("version") != 0) {
     cout<<"pdnsutil "<<VERSION<<endl;